[Vserver] bind9 in vserver

2006-06-11 Thread Eugen Leitl
Can I run BIND9 in a vserver? If yes, is there something I need to be aware of? (One of my nameservers died, so I'm considering virtualizing DNS). -- Eugen* Leitl http://leitl.org ICBM: 48.07100, 11.36820

Re: [Vserver] bind9 in vserver

2006-06-11 Thread jean-marc pouchoulon
Eugen Leitl wrote: Can I run BIND9 in a vserver? If yes, is there something I need to be aware of? (One of my nameservers died, so I'm considering virtualizing DNS). Yes you can but you need to be aware of these capabilities CAP_MKNOD (first launch on Fedora, you can remove it afte

Re: [Vserver] bind9 in vserver

2006-06-11 Thread Georges Toth
> Eugen Leitl wrote: > > Can I run BIND9 in a vserver? If yes, is there something I > > need to be aware of? (One of my nameservers died, so I'm > > considering virtualizing DNS). > Or you have to compile bind with --disable-linux-caps --> MUCH better! (security-wise) -- regards, Georges

Re: [Vserver] bind9 in vserver

2006-06-11 Thread Daniel Hokka Zakrisson
jean-marc pouchoulon wrote: Eugen Leitl wrote: Can I run BIND9 in a vserver? If yes, is there something I need to be aware of? (One of my nameservers died, so I'm considering virtualizing DNS). Yes you can but you need to be aware of these capabilities CAP_MKNOD ( first launch on f

Re: [Vserver] bind9 in vserver

2006-06-11 Thread jean-marc pouchoulon
Or you have to compile bind with --disable-linux-caps --> MUCH better! (security-wise) I'd like to know what is the security problem with CAP_SYS_RESOURCE? Herbert said "Currently the following Linux Capabilities are considered secure, if you add others to them, you will probabl

Re: [Vserver] bind9 in vserver

2006-06-11 Thread Georges Toth
> I'd like to know what is the security problem with CAP_SYS_RESOURCE? > Herbert said > "Currently the following Linux Capabilities are considered secure, if > you add others to them, you will probably open some security hole." > > but what is the problem with override resource limits, quota, re

Re: [Vserver] bind9 in vserver

2006-06-12 Thread Laurent Vallar - aka Val
On Sun,Jun,11,2006, Georges Toth wrote: > > > I'd like to know what is the security problem with CAP_SYS_RESOURCE? > > Herbert said > > "Currently the following Linux Capabilities are considered secure, if > > you add others to them, you will probably open some security hole." > > [...] > [...]

Re: [Vserver] bind9 in vserver

2006-06-12 Thread Herbert Poetzl
On Sun, Jun 11, 2006 at 01:46:03PM +0200, jean-marc pouchoulon wrote: > Eugen Leitl wrote: > >Can I run BIND9 in a vserver? If yes, is there something I > >need to be aware of? (One of my nameservers died, so I'm > >considering virtualizing DNS). > > > > > > > > Yes you can but you need to

[Vserver] bind9 in vserver (new...)

2004-02-12 Thread Viorel Anghel
My first post here and I would like to thank all the developers for their terrific work. Now, my problem. Short story: kernel 2.4.24, vserver 1.26 (no other patches). bind9 with nocapset (Paul Sladen's Debian packages), running inside a vserver. doesn't answer to udp requests, but works with tc

Re: [Vserver] bind9 in vserver (new...)

2004-02-12 Thread Christian Mayrhuber
Viorel Anghel wrote: My first post here and I would like to thank all the developers for their terrific work. Now, my problem. Short story: kernel 2.4.24, vserver 1.26 (no other patches). bind9 with nocapset (Paul Sladen's Debian packages), running inside a vserver. doesn't answer to udp request

Re: [Vserver] bind9 in vserver (new...)

2004-02-12 Thread Alex Lyashkov
On Thursday 12 February 2004 13:58, Christian Mayrhuber wrote: > Viorel Anghel wrote: > > My first post here and I would like to thank all the developers for > > their terrific work. > > > > Now, my problem. Short story: kernel 2.4.24, vserver 1.26 (no other > > patches). bind9 with nocapset (Pa

Re: [Vserver] bind9 in vserver (new...)

2004-02-12 Thread Floris van Gog
BIND9 does not even need CAP_SYS_RESOURCE. It is running in a vserver here (1.2x) without problems with S_CAP="" in the config file. Why grant it things it does not need? Alex Lyashkov wrote: On Thursday 12 February 2004 13:58, Christian Mayrhuber wrote: Viorel Anghel wrote: My first post her

Re: [Vserver] bind9 in vserver (new...)

2004-02-12 Thread Viorel Anghel
On Thu, Feb 12, 2004 at 01:25:42PM +0100, Floris van Gog wrote: > BIND9 does not even need CAP_SYS_RESOURCE. It is running in a vserver > here (1.2x) without problems with S_CAP="" in the config file. which 1.2x exactly? > Why grant it things it does not need? > > > Alex Lyashkov wrote: > > >

Re: [Vserver] bind9 in vserver (new...)

2004-02-12 Thread Floris van Gog
This is a server running 1.22. Viorel Anghel wrote: On Thu, Feb 12, 2004 at 01:25:42PM +0100, Floris van Gog wrote: BIND9 does not even need CAP_SYS_RESOURCE. It is running in a vserver here (1.2x) without problems with S_CAP="" in the config file. which 1.2x exactly? Why grant it things it

Re: [Vserver] bind9 in vserver (new...)

2004-02-12 Thread Christian Mayrhuber
Floris van Gog wrote: BIND9 does not even need CAP_SYS_RESOURCE. It is running in a vserver here (1.2x) without problems with S_CAP="" in the config file. Why grant it things it does not need? Standard bind9 on Debian does not even start without CAP_SYS_RESOURCE. That's why there are packages fro